package com.csii.security.store;

import com.csii.security.properites.SecurityConstants;
import com.csii.user.entity.SysDepart;
import com.csii.user.entity.SysUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

/**
 * token增强，客户端模式不增强。
 *
 * @author daixiaochun@csiisz.com
 */
public class ColaTokenEnhancer implements TokenEnhancer
{

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication)
    {
        if (SecurityConstants.CLIENT_CREDENTIALS
                .equals(oAuth2Authentication.getOAuth2Request().getGrantType()))
        {
            return oAuth2AccessToken;
        }
        Map<String, Object> info = new HashMap<>(14);
        Authentication userAuthentication = oAuth2Authentication.getUserAuthentication();
        SysUser userInfo = (SysUser) userAuthentication.getPrincipal();
        //用户ID
        info.put(SecurityConstants.DETAILS_USER_ID, userInfo.getId());
        //用户名
        info.put(SecurityConstants.DETAILS_USERNAME, userInfo.getUsername());
        //openID
        info.put(SecurityConstants.OPEN_ID,userInfo.getThirdId());
        //openID 类型
        info.put(SecurityConstants.OPEN_TYPE,userInfo.getThirdType());
        //真实姓名
        info.put(SecurityConstants.NICK_NAME,userInfo.getRealname());
        //所属租户
        info.put(SecurityConstants.DETAILS_TENANT_ID,userInfo.getRelTenantIds());
        //手机号
        info.put(SecurityConstants.DETAILS_PHONE, userInfo.getPhone());
        //邮箱
        info.put(SecurityConstants.DETAILS_EMAIL, userInfo.getEmail());
        //头像
        info.put(SecurityConstants.DETAILS_AVATAR, userInfo.getAvatar());
        //证件号
        info.put(SecurityConstants.USER_IDENTITY,userInfo.getUserIdentity());
        //主管部门
        info.put(SecurityConstants.DETAILS_PARENT_USER_ID,userInfo.getDepartIds());
        //所属部门
        info.put(SecurityConstants.DEPARTS_CODE,userInfo.getDeparts()==null?"":userInfo.getDeparts().stream().map(SysDepart::getOrgCode).collect(Collectors.joining(",")));
        //创建时间
        info.put(SecurityConstants.CREATE_TIME,String.valueOf(userInfo.getCreateTime().getTime()));
        //当前登录部门
        info.put(SecurityConstants.ORG_CODE,userInfo.getOrgCode());
        //工号
        info.put(SecurityConstants.WORK_NO,userInfo.getWorkNo());
        //职位
        info.put(SecurityConstants.POST_NAME,userInfo.getPostName());
        Set<String> role = AuthorityUtils.authorityListToSet(userAuthentication.getAuthorities());
        info.put(SecurityConstants.IS_SUPER_ADMIN,"0".equals(userInfo.getRelTenantIds()) && role.contains("ROLE_admin") ? "1":"0");
        ((DefaultOAuth2AccessToken) oAuth2AccessToken).setAdditionalInformation(info);
        return oAuth2AccessToken;
    }

}
